• andruid
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    We need more need to normalize companies stepping up to pay for security development for opensource products they utilize. If companies aren’t putting FTEs to cover their risk of using a product or service then they should be held liable for any damages that causes them or their customers. This is for more than FOSS and for more than CVEs but also critical errors that cause delays in business continuity.

    The issue is many c suite are just now under standing this and many justice systems seem behind on this.